CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,779 vulnerabilities with CWE-89
CVE-2023-0561
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via /user/s.php id Parameter
CVSS 6.3
CVE-2023-0560
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/practice_pdf.php id Parameter
CVSS 4.7
CVE-2023-0534
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/expense_report.php to_date Parameter
CVSS 4.7
CVE-2023-0533
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via from_date Parameter
CVSS 4.7
CVE-2023-0532
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/disapprove_user.php id Parameter
CVSS 4.7
CVE-2023-0531
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/booking_report.php to_date Parameter
CVSS 4.7
CVE-2023-0530
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/approve_user.php id Parameter
CVSS 4.7
CVE-2023-0529
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/add_payment.php id Parameter
CVSS 4.7
CVE-2023-0528
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/abc.php id Parameter
CVSS 4.7
CVE-2023-0516
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via Forget Password Email Parameter
CVSS 5.5
CVE-2023-0515
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/forget_password.php Email Parameter
CVSS 5.5
CVE-2023-23331
CRITICAL
Amano Xoffice 7.1.3879 - SQL Injection
CVSS 9.8
CVE-2023-22630
MEDIUM
IzyBat Orange casiers < 20221102_1 - SQL Injection via getCasier.php taille Parameter
CVSS 4.3
CVE-2023-23824
MEDIUM
WP-TopBar <= 5.36 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-23492
HIGH
Login with Phone Number WordPress Plugin < 1.4.2 - Authenticated SQL Injection via ID Parameter
CVSS 8.8
CVE-2023-23490
HIGH
Survey Maker WordPress Plugin < 3.1.2 - Authenticated SQL Injection via surveys_ids Parameter
CVSS 8.8
CVE-2023-23489
CRITICAL
Easy Digital Downloads < 3.1.0.4 - Unauthenticated SQL Injection via 's' Parameter
CVSS 9.8
CVE-2023-23488
CRITICAL
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
CVSS 9.8
CVE-2023-20010
HIGH
Cisco Unified Communications Manager < 12.5(1)su7 - Authenticated SQL Injection
CVSS 8.1
CVE-2023-22727
CRITICAL
CakePHP 4.2.0-4.2.11 - SQL Injection via Query::limit() and Query::offset()
CVSS 9.8
CVE-2023-0332
HIGH
SourceCodester Online Food Ordering System 2.0 - SQL Injection via admin/manage_user.php id Parameter
CVSS 7.3
CVE-2023-0324
HIGH
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 7.3
CVE-2023-0305
MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
CVE-2023-0304
MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
CVE-2023-0303
MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,779
Exploit Likelihood
High